x86/speculation/mds: Add 'mitigations=' support for MDS

Add MDS to the new 'mitigations=' cmdline option.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130

(cherry picked from commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 2ada63628b7a59223d6bf0316f4a2f053387c22b..2970a6bcf85898aa7e440cda6ecb6aa78a23436a 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2440,6 +2440,7 @@
                                               spectre_v2_user=off [X86]
                                               spec_store_bypass_disable=off [X86,PPC]
                                               l1tf=off [X86]
+                                              mds=off [X86]
 
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT
@@ -2454,6 +2455,7 @@
                                if needed.  This is for users who always want to
                                be fully mitigated, even if it means losing SMT.
                                Equivalent to: l1tf=flush,nosmt [X86]
+                                              mds=full,nosmt [X86]
 
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 415f841ec4c007ea7d84f38ce421bf704a57d19e..0229f3fb43333b14c6edf3b99743ad274f5a53a8 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -231,7 +231,7 @@ static const char * const mds_strings[] = {
 
 static void mds_select_mitigation(void)
 {
-       if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+       if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
                mds_mitigation = MDS_MITIGATION_OFF;
                return;
        }
@@ -242,7 +242,8 @@ static void mds_select_mitigation(void)
 
                static_branch_enable(&mds_user_clear);
 
-               if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+               if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
+                   (mds_nosmt || cpu_mitigations_auto_nosmt()))
                        cpu_smt_disable(false);
        }